Amendments to the Claims:

This listing of claims replaces all prior versions and listings of claims in the application:

Listing of Claims:

1. (Currently Amended) A method performed in a document management system of controlling
access to an electronic document, comprising:

receiving at a document management system a request from a first user for an electronic
document at a first user location, the document management system storing a rendition of the
electronic document being stored in a document repository, the document management system
maintaining a set of access policies for the electronic document, the set of access policies
including access policies for a plurality of users, each user having an identity on the document
management system, the document management system authenticating users based on the users'
identities, the document having multiple renditions, the access policies applying to the document
and the multiple renditions of the document in the document management system;

authenticating the first user at the document management system using [[a]] the set of
access policies for the electronic document[[,]] the set of access policies including access
policies for a plurality of users;

verifying that the first user is authorized to obtain the electronic document, and then
when the first user is authorized to obtain the electronic document, passing an encrypted
rendition of the electronic document to the first user;

receiving at the document management system a request from a [[the]] second user for
access to the encrypted rendition, where the second user received the encrypted rendition from
the first user;

authenticating the second user at the document management system[[,]] using the set of
access policies[[,]] to establish which operations the second user is allowed to perform on the
encrypted rendition;

creating, at the document management system, a voucher for accessing the encrypted 
rendition, the voucher including the set of access policies for controlling access to the encrypted 
rendition of the electronic document, the voucher further including an electronic key operable to
decrypt the encrypted rendition of the electronic document; and 

passing the electronic voucher to the second user located at a second user location. 

2. (Original) The method of claim 1, further comprising: 

creating, at the document management system, the encrypted rendition using the 
rendition that is stored in the document repository. 

3. (Original) The method of claim 1, wherein creating a voucher comprises: 

obtaining the set of access policies for the second user from an access control list that is 
associated with the electronic document; and 

including the obtained set of access policies in the electronic voucher. 

4. (Original) The method of claim 1, wherein the set of access policies for the electronic 
document identify one or more of the following operations: 

adding content to the rendition, adding comments to the rendition, applying a digital 
signature to the rendition, saving the rendition, printing the rendition, importing form data into 
the rendition, exporting form data from the rendition, and transmitting the rendition to another 
user. 

5. (Previously Presented) The method of claim 1, where the set of access policies include: 

a list of application rights. 

6. (Original) The method of claim 1, further comprising: 

including expiration information in the electronic voucher prior to passing the electronic 
voucher to the second user location. 

7. (Original) The method of claim 6, wherein the expiration information includes one or more 
of: 

a predetermined number of access operations before the voucher expires, a particular 
time period before the voucher expires, and a particular time when the voucher expires. 

8. (Original) The method of claim 2, wherein:

providing the encrypted rendition includes providing the encrypted rendition from a 
location other than the document repository. 

9. (Cancelled) 

10. (Original) The method of claim 1, wherein the rendition is a Portable Document Format 
document. 

11. (Original) The method of claim 1, further comprising: 

recording information relating to the request in an audit trail for the electronic document. 

12. (Original) The method of claim 1, wherein the first user and the second user are the same
individual. 

13. (Original) The method of claim 1, wherein the first user location and the second user 
location are identical. 

14. (Currently Amended) A method of accessing an electronic document, comprising: 

requesting, from a document management system, access to an electronic document for a 
user at a user location, one or more renditions of the electronic document being stored in a 
document repository in the document management system, the document management system
maintaining a set of access policies for the electronic document, the set of access policies 
including access policies for a plurality of users, each user having an identity on the document 
management system, the document management system authenticating users based on the users' 
identities, the document having multiple renditions, the access policies applying to the document 
and the multiple renditions of the document, wherein requesting access to an electronic 
document for a user at a user location includes providing authentication information to 
authenticate the user to the document management system;

receiving at the user location an electronic voucher from the document management 
system for the electronic document, the electronic voucher including a set of access policies for 
accessing an encrypted rendition of the electronic document, the set of access policies including 
access policies for a plurality of users, and an electronic key operable to decrypt the encrypted
rendition of the electronic document; and 

using the electronic key of the electronic voucher at the user location to decrypt the 
encrypted rendition of the electronic document according to the set of access policies for 
accessing the encrypted rendition of the electronic document.

15. (Original) The method of claim 14, further comprising: 

determining whether the encrypted rendition of the electronic document is available at the 
user location; 

wherein, if it is determined that the encrypted rendition is available at the user location, 
requesting access includes: 

extracting from the encrypted rendition a reference to the document repository where one 
or more renditions of the electronic document are stored; and 

requesting access to the rendition from the document repository identified by the 
extracted reference. 

16. (Original) The method of claim 15, wherein: 

the encrypted rendition includes a document identifier and the reference to the document 
repository includes a path for accessing the document repository over a computer network; and 
requesting access includes: 

retrieving the document identifier and the path from the encrypted rendition; and 
sending an access request to the document repository specified by the retrieved path, the 
access request including the document identifier. 

17. (Cancelled) 

18. (Currently Amended) The method of claim [[17]] 14, wherein the set of access policies
include information indicating that a user at the user location is authorized to perform one or 
more of the following operations: 

adding content to the electronic document, adding comments to the electronic document, 
applying a digital signature to the electronic document, saving the electronic document, printing 
the electronic document, importing form data into the electronic document, exporting form data
from the electronic document, and transmitting the electronic document to another user. 

19. (Currently Amended) The method of claim [[17]] 14, further comprising:

verifying, at the user location, that one or more requested operations are allowed by the 
set of access policies for the electronic document. 

20. (Cancelled) 

21. (Original) The method of claim 14, wherein: 

the electronic voucher further includes a set of application rights, the application rights 
being operable to enable one or more disabled operations in an electronic document software 
application at the user location. 

22. (Original) The method of claim 14, wherein the rendition is a Portable Document Format 
document. 

23. (Original) The method of claim 14, further comprising: 

storing the received voucher at the user location. 

24. (Original) The method of claim 14, wherein receiving an electronic voucher comprises: 

determining whether an electronic voucher is stored locally at the user location; and 
if the electronic voucher is stored locally, retrieving the electronic voucher from the local 
storage; 

if the electronic voucher is not stored locally, requesting an electronic voucher from the 
document management system. 

25. (Original) The method of claim 14, further comprising: 

receiving an encrypted rendition of the electronic document. 

26. (Original) The method of claim 14, wherein: 

the voucher includes expiration information including one or more of: a predetermined 
number of access operations before the voucher expires, a particular time period before the 
voucher expires, and a particular time when the voucher expires.

27. (Currently Amended) A method for controlling access to an electronic document, 
comprising: 

receiving at a document management system a request from a user for access to an 
electronic document at a user location, a rendition of the electronic document being stored in a 
document repository in the document management system, the document management system
maintaining a set of access policies for the electronic document, the set of access policies 
including access policies for a plurality of users, each user having an identity on the document 
management system, the document management system authenticating users based on the users' 
identities, the document having multiple renditions, the access policies applying to the document 
and the multiple renditions of the document;

authenticating the user at the document management system[[,]] to verify that the user is
authorized to access the electronic document; wherein, 

when the user is authorized to access the electronic document, 

creating, at the document management system, an encrypted rendition of the 
electronic document using the rendition of the electronic document that is stored in the document 
repository; 

creating, at the document management system, a voucher for accessing the 
encrypted rendition, the voucher including a set of access policies for controlling access to the 
encrypted rendition of the electronic document, the set of access policies including access 
policies for a plurality of users, the voucher further including an electronic key operable to 
decrypt an encrypted rendition of the electronic document; and 

passing the encrypted rendition of the electronic document and the electronic 
voucher to the user location. 

28. (Currently Amended) A computer program product, tangibly embodied in a 
machine-readable storage device, stored on a computer-readable medium, for controlling access
to an electronic document, comprising instructions operable to cause a programmable processor 
to: 

receive at a document management system a request from a first user for an electronic
document at a first user location, the document management system storing a rendition of the
electronic document being stored in a document repository, the document management system
maintaining a set of access policies for the electronic document, the set of access policies
including access policies for a plurality of users, each user having an identity on the document
management system, the document management system authenticating users based on the users'
identities, the document having multiple renditions, the access policies applying to the document
and the multiple renditions of the document in the document management system;

authenticate the first user at the document management system[[,]] using [[a]] the set of
access policies for the electronic document;[[,]] the set of access policies including access
policies for a plurality of users;

verify that the first user is authorized to obtain the electronic document, [[;]] and then
when the first user is authorized to obtain the electronic document, pass an encrypted rendition of 
the electronic document to the first user; 

receive at the document management system a request from a second user for access to 
the encrypted rendition, where the second user received the encrypted rendition from the first 
user; 

authenticate the second user at the document management system[[,]] using the set of 
access policies[[,]] to establish which operations the second user is allowed to perform on the 
encrypted rendition; 

create, at the document management system, a voucher for accessing the encrypted 
rendition, the voucher including the set of access policies for controlling access to the encrypted 
rendition of the electronic document, the voucher further including an electronic key operable to 
decrypt the encrypted rendition of the electronic document; and 

pass the electronic voucher to the second user located at a second user location. 

29. (Original) The computer program product of claim 28, further comprising instructions to: 

create, at the document management system, the encrypted rendition using the rendition 
that is stored in the document repository. 

30. (Original) The computer program product of claim 29, wherein the instructions to create a
voucher comprise instructions to: 

obtain the set of access policies for the second user from an access control list that is 
associated with the electronic document; and 

include the obtained set of access policies in the electronic voucher. 

31. (Original) The computer program product of claim 29, wherein the set of access policies for
the electronic document identify one or more of the following operations: 

adding content to the rendition, adding comments to the rendition, applying a digital 
signature to the rendition, saving the rendition, printing the rendition, importing form data into 
the rendition, exporting form data from the rendition, and transmitting the rendition to another 
user. 

32. (Previously Presented) The computer program product of claim 29, where the set of access 
policies include: 

a list of application rights. 

33. (Currently Amended) The computer program product of claim 29, further comprising 
instructions to: 

include expiration information in the electronic voucher prior to passing the electronic 
voucher to the second user location. 

34. (Original) The computer program product of claim 33, wherein the expiration information 
includes one or more of: 

a predetermined number of access operations before the voucher expires, a particular 
time period before the voucher expires, and a particular time when the voucher expires. 

35. (Original) The computer program product of claim 28, wherein: 

the instructions to provide the encrypted rendition include instructions to provide the 
encrypted rendition from a location other than the document repository. 



36. (Cancelled) 

37. (Original) The computer program product of claim 28, wherein the rendition is a Portable
Document Format document. 

38. (Original) The computer program product of claim 28, further comprising instructions to: 

record information relating to the request in an audit trail for the electronic document. 

39. (Original) The computer program product of claim 28, wherein the first user and the second 
user are the same individual. 

40. (Original) The computer program product of claim 28, wherein the first user location and 
the second user location are identical. 

41. (Currently Amended) A computer program product, tangibly embodied in a
machine-readable storage device, stored on a computer readable medium, for accessing an 
electronic document, comprising instructions operable to cause a programmable processor to: 

request, from a document management system, access to an electronic document for a 
user at a user location, one or more renditions of the electronic document being stored in a 
document repository in the document management system, the document management system
maintaining a set of access policies for the electronic document, the set of access policies 
including access policies for a plurality of users, each user having an identity on the document 
management system, the document management system authenticating users based on the users' 
identities, the document having multiple renditions, the access policies applying to the document 
and the multiple renditions of the document, wherein requesting access to an electronic 
document for a user at a user location includes providing authentication information to 
authenticate the user to the document management system;

receive at the user location an electronic voucher from the document management system 
for the electronic document, the electronic voucher including a set of access policies for 
accessing the encrypted rendition of the electronic document, the set of access policies including 
access policies for a plurality of users, and an electronic key operable to decrypt the encrypted 
rendition of the electronic document; and 

use the electronic key of the electronic voucher at the user location to decrypt the 
encrypted rendition of the electronic document according to the set of access policies for
accessing the encrypted rendition of the electronic document.

42. (Original) The computer program product of claim 41, further comprising instructions to: 

determine whether the encrypted rendition of the electronic document is available at the 
user location; 

wherein, if it is determined that the encrypted rendition is available at the user location, 
requesting access includes instructions to: 

extract from the encrypted rendition a reference to the document repository where one or 
more renditions of the electronic document are stored; and 

request access to the rendition from the document repository identified by the extracted 
reference. 

43. (Original) The computer program product of claim 42, wherein: 

the encrypted rendition includes a document identifier and the reference to the document 
repository includes a path for accessing the document repository over a computer network; and 
the instructions to request access include instructions to: 
retrieve the document identifier and the path from the encrypted rendition; and 
send an access request to the document repository specified by the retrieved path, the 
access request including the document identifier. 

44. (Cancelled) 

45. (Currently Amended) The computer program product of claim [[44]] 41, wherein the set of
access policies include information indicating that a user at the user location is authorized to 
perform one or more of the following operations: 

adding content to the electronic document, adding comments to the electronic document, 
applying a digital signature to the electronic document, saving the electronic document, printing 
the electronic document, importing form data into the electronic document, exporting form data 
from the electronic document, and transmitting the electronic document to another user. 



46. (Currently Amended) The computer program product of claim [[44]] 41, further comprising
instructions to:

verify, at the user location, that one or more requested operations are allowed by the set 
of access policies for the electronic document. 

47. (Cancelled) 

48. (Original) The computer program product of claim 41, wherein: 

the electronic voucher further includes a set of application rights, the application rights 
being operable to enable one or more disabled operations in an electronic document software 
application at the user location. 

49. (Original) The computer program product of claim 41, wherein the rendition is a Portable 
Document Format document. 

50. (Original) The computer program product of claim 41, further comprising instructions to: 

store the received voucher at the user location. 

51. (Original) The computer program product of claim 41, wherein the instructions to receive
an electronic voucher comprise instructions to: 

determine whether an electronic voucher is stored locally at the user location; and 
if the electronic voucher is stored locally, retrieving the electronic voucher from the local 
storage; 

if the electronic voucher is not stored locally, request an electronic voucher from the 
document management system. 

52. (Original) The computer program product of claim 41, further comprising instructions to:

receive an encrypted rendition of the electronic document. 

53. (Original) The computer program product of claim 41, wherein: 

the voucher includes expiration information including one or more of: a predetermined 
number of access operations before the voucher expires, a particular time period before the 
voucher expires, and a particular time when the voucher expires. 



Applicant : Bill Shapiro et al. Attorney's Docket No.: 07844-609001 /P562 

Serial No. : 10/659,874 
Filed : September 9, 2003 
Page : 13 of 22 

54. (Currently Amended) A computer program product, tangibly embodied in a
machine-readable storage device, stored on a computer readable medium, for controlling access 
to an electronic document, comprising instructions operable to cause a programmable processor 
to: 

receive at a document management system a request from a user for access to an 
electronic document at a user location, a rendition of the electronic document being stored in a 
document repository in the document management system, the document management system
maintaining a set of access policies for the electronic document, the set of access policies 
including access policies for a plurality of users, each user having an identity on the document 
management system, the document management system authenticating users based on the users' 
identities, the document having multiple renditions, the access policies applying to the document 
and the multiple renditions of the document;

authenticate the user at the document management system[[,]] to verify that the user is 
authorized to access the electronic document; wherein, 

when the user is authorized to access the electronic document, 

create, at the document management system, an encrypted rendition of the 
electronic document using the rendition of the electronic document that is stored in the document 
repository; 

create, at the document management system, a voucher for accessing the 
encrypted rendition, the voucher including a set of access policies for controlling access to the 
encrypted rendition of the electronic document, the set of access policies including access 
policies for a plurality of users, the voucher further including an electronic key operable to 
decrypt an encrypted rendition of the electronic document; and 

pass the encrypted rendition of the electronic document and the electronic 
voucher to the user location. 

55. (New) A system, comprising:

means for receiving at a document management system a request from a first user for an 
electronic document at a first user location, the document management system storing a rendition 
of the electronic document in a document repository, the document management system 
maintaining a set of access policies for the electronic document, the set of access policies 
including access policies for a plurality of users, each user having an identity on the document 
management system, the document management system authenticating users based on the users' 
identities, the document having multiple renditions, the access policies applying to the document 
and the multiple renditions of the document; 

means for authenticating the first user at the document management system using the set 
of access policies for the electronic document, 

means for verifying that the first user is authorized to obtain the electronic document, and 
then passing an encrypted rendition of the electronic document to the first user; 

means for receiving at the document management system a request from a second user 
for access to the encrypted rendition, where the second user received the encrypted rendition 
from the first user; 

means for authenticating the second user at the document management system using the 
set of access policies to establish which operations the second user is allowed to perform on the 
encrypted rendition; 

means for creating, at the document management system, a voucher for accessing the 
encrypted rendition, the voucher including the set of access policies for controlling access to the 
encrypted rendition of the electronic document, the voucher further including an electronic key 
operable to decrypt the encrypted rendition of the electronic document; and 

means for passing the electronic voucher to the second user located at a second user 
location. 

56. (New) The system of claim 55, further comprising: 

means for creating, at the document management system, the encrypted rendition using 
the rendition that is stored in the document repository. 

57. (New) The system of claim 55, wherein creating a voucher comprises:

obtaining the set of access policies for the second user from an access control list that is 
associated with the electronic document; and 

including the obtained set of access policies in the electronic voucher. 

58. (New) The system of claim 55, wherein the set of access policies for the electronic 
document identify one or more of the following operations: 

adding content to the rendition, adding comments to the rendition, applying a digital 
signature to the rendition, saving the rendition, printing the rendition, importing form data into 
the rendition, exporting form data from the rendition, and transmitting the rendition to another 
user. 

59. (New) The system of claim 55, where the set of access policies include: 

a list of application rights. 

60. (New) The system of claim 55, further comprising: 

means for including expiration information in the electronic voucher prior to passing the 
electronic voucher to the second user location. 

61. (New) The system of claim 60, wherein the expiration information includes one or more of:

a predetermined number of access operations before the voucher expires, a particular 
time period before the voucher expires, and a particular time when the voucher expires. 

62. (New) The system of claim 56, wherein: 

providing the encrypted rendition includes providing the encrypted rendition from a 
location other than the document repository. 

63. (New) The system of claim 55, wherein the rendition is a Portable Document Format 
document. 

64. (New) The system of claim 55, further comprising: 

means for recording information relating to the request in an audit trail for the electronic 
document.

65. (New) The system of claim 55, wherein the first user and the second user are the same 
individual. 

66. (New) The system of claim 55, wherein the first user location and the second user location 
are identical. 

67. (New) A system, comprising: 

means for requesting, from a document management system, access to an electronic 
document for a user at a user location, one or more renditions of the electronic document being 
stored in a document repository in the document management system, the document 
management system maintaining a set of access policies for the electronic document, the set of 
access policies including access policies for a plurality of users each user having an identity on 
the document management system, the document management system authenticating users based 
on the users' identities, the document having multiple renditions, the access policies applying to 
the document and the multiple renditions of the document, wherein requesting access to an 
electronic document for a user at a user location includes providing authentication information to 
authenticate the user to the document management system; 

means for receiving at the user location an electronic voucher from the document 
management system for the electronic document, the electronic voucher including a set of access 
policies for accessing an encrypted rendition of the electronic document, the set of access 
policies including access policies for a plurality of users, and an electronic key operable to 
decrypt the encrypted rendition of the electronic document; and 

means for using the electronic key of the electronic voucher at the user location to 
decrypt the encrypted rendition of the electronic document according to the set of access policies 
for accessing the encrypted rendition of the electronic document. 

68. (New) The system of claim 67, further comprising: 

means for determining whether the encrypted rendition of the electronic document is 
available at the user location; 

wherein, if it is determined that the encrypted rendition is available at the user location,
requesting access includes: 

extracting from the encrypted rendition a reference to the document repository where one 
or more renditions of the electronic document are stored; and 

requesting access to the rendition from the document repository identified by the 
extracted reference. 

69. (New) The system of claim 68, wherein: 

the encrypted rendition includes a document identifier and the reference to the document 
repository includes a path for accessing the document repository over a computer network; and 
requesting access includes: 

retrieving the document identifier and the path from the encrypted rendition; and 
sending an access request to the document repository specified by the retrieved path, the 
access request including the document identifier. 

70. (New) The system of claim 67, wherein the set of access policies include information 
indicating that a user at the user location is authorized to perform one or more of the following 
operations: 

adding content to the electronic document, adding comments to the electronic document, 
applying a digital signature to the electronic document, saving the electronic document, printing 
the electronic document, importing form data into the electronic document, exporting form data 
from the electronic document, and transmitting the electronic document to another user. 

71. (New) The system of claim 67, further comprising: 

means for verifying, at the user location, that one or more requested operations are 
allowed by the set of access policies for the electronic document. 

72. (New) The system of claim 67, wherein: 

the electronic voucher further includes a set of application rights, the application rights 
being operable to enable one or more disabled operations in an electronic document software 
application at the user location. 

73. (New) The system of claim 67, wherein the rendition is a Portable Document Format
document. 

74. (New) The system of claim 67, further comprising: 

means for storing the received voucher at the user location. 

75. (New) The system of claim 67, wherein receiving an electronic voucher comprises: 

determining whether an electronic voucher is stored locally at the user location; and 
if the electronic voucher is stored locally, retrieving the electronic voucher from the local 
storage; 

if the electronic voucher is not stored locally, requesting an electronic voucher from the 
document management system. 

76. (New) The system of claim 67, further comprising: 

means for receiving an encrypted rendition of the electronic document. 

77. (New) The system of claim 67, wherein: 

the voucher includes expiration information including one or more of: a predetermined 
number of access operations before the voucher expires, a particular time period before the 
voucher expires, and a particular time when the voucher expires. 

78. (New) A system, comprising: 

means for receiving at a document management system a request from a user for access 
to an electronic document at a user location, a rendition of the electronic document being stored 
in a document repository in the document management system, the document management 
system maintaining a set of access policies for the electronic document, the set of access policies 
including access policies for a plurality of users, each user having an identity on the document 
management system, the document management system authenticating users based on the users' 
identities, the document having multiple renditions, the access policies applying to the document 
and the multiple renditions of the document; 

means for authenticating the user at the document management system to verify that the 
user is authorized to access the electronic document; wherein, 

when the user is authorized to access the electronic document, the system further
comprises: 

means for creating, at the document management system, an encrypted rendition 
of the electronic document using the rendition of the electronic document that is stored in the 
document repository; 

means for creating, at the document management system, a voucher for accessing 
the encrypted rendition, the voucher including a set of access policies for controlling access to 
the encrypted rendition of the electronic document, the set of access policies including access 
policies for a plurality of users, the voucher further including an electronic key operable to 
decrypt an encrypted rendition of the electronic document; and 

means for passing the encrypted rendition of the electronic document and the 
electronic voucher to the user location. 



